Lucene search
K

7 matches found

OSV
OSV
added 2 days ago5 views

PYSEC-2026-1967 TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)

Description A critical path traversal vulnerability CWE-22 has been identified in the reviewpaper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions. Impact...

8.8CVSS6AI score0.00597EPSS
Exploits0References6
NVD
NVD
added 2026/04/26 10:17 p.m.13 views

CVE-2026-7042

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...

7.5CVSS0.00383EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/26 1:0 p.m.9 views

EUVD-2026-25719

A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...

7.5CVSS5.1AI score0.00383EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/06 6:15 a.m.4 views

CVE-2026-5630 assafelovic gpt-researcher Report API app.py cross site scripting

A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been...

5.3CVSS4.3AI score0.00337EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

GPT Researcher 代码注入漏洞

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic as a personal development tool. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability, which stems from improper handling of the backend/server/app.py file. This vulnerability may lead to...

5.3CVSS5.7AI score0.00337EPSS
Exploits0References5
Snyk
Snyk
added 2025/08/09 2:41 a.m.2 views

Directory Traversal

Overview tiny-scientist is an A lightweight framework for building research agents Affected versions of this package are vulnerable to Directory Traversal via the reviewpaper function in the backend/app.py file. An attacker can access arbitrary PDF files on the server by supplying crafted file...

8.8CVSS7.7AI score0.00597EPSS
Exploits0References2
OSV
OSV
added 2025/08/09 2:2 a.m.3 views

CVE-2025-55149 Path Traversal Vulnerability in PDF Review Function (CWE-22)

Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research—from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the reviewpaper function in backend/app.py. The...

8.8CVSS6.9AI score0.00597EPSS
Exploits0References3
Rows per page
Query Builder